fix(security): harden imessage remote scp/ssh handling

2026-05-06 12:51:37 +00:00 · 2026-02-19 11:07:56 +01:00
parent cdb00fe242
commit 49d0def6d1
12 changed files with 150 additions and 12 deletions
--- a/src/config/zod-schema.providers-core.ts
+++ b/src/config/zod-schema.providers-core.ts
@@ -1,4 +1,5 @@
 import { z } from "zod";
+import { isSafeScpRemoteHost } from "../infra/scp-host.js";
 import {
  normalizeTelegramCommandDescription,
  normalizeTelegramCommandName,
@@ -804,7 +805,10 @@ export const IMessageAccountSchemaBase = z
    configWrites: z.boolean().optional(),
    cliPath: ExecutableTokenSchema.optional(),
    dbPath: z.string().optional(),
-    remoteHost: z.string().optional(),
+    remoteHost: z
+      .string()
+      .refine(isSafeScpRemoteHost, "expected SSH host or user@host (no spaces/options)")
+      .optional(),
    service: z.union([z.literal("imessage"), z.literal("sms"), z.literal("auto")]).optional(),
    region: z.string().optional(),
    dmPolicy: DmPolicySchema.optional().default("pairing"),